DEBIAN-CVE-2016-9082

Integer overflow in the writepng function in cairo 1.14.6 allows remote attackers to cause a denial of service invalid pointer dereference via a large svg file...

UBUNTU-CVE-2016-2318

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted SVG file, related to the 1 DrawImage function in magick/render.c, 2 SVGStartElement function in coders/svg.c, and 3 TraceArcPath function in magick/render.c...

UBUNTU-CVE-2016-5241

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service arithmetic exception and application crash via a crafted svg file...

DEBIAN-CVE-2016-5241

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service arithmetic exception and application crash via a crafted svg file...

Updated python-pycrypto packages fix security vulnerabilities

This is a security fix for a possible Buffer overflow. AES.new with invalid parameter crashes python. The IV parameter is currently ignored when initializing a cipher in ECB or CTR mode. There was a bug in pycrypto which could be exploited to get a shell...

DEBIAN-CVE-2016-7798

The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...

UBUNTU-CVE-2016-7798

The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...

mod_cluster: Protocol parsing logic error

An error was found in protocol parsing logic of modcluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process...

PHP 'ext/pcre/php_pcre.c' Information Disclosure Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. PHP...

CVE-2016-5697

Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...

CVE-2016-5224

A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page...

CVE-2016-5204

Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

Citrix Provisioning Services Buffer Overflow Vulnerability

Citrix Provisioning Services enables the creation of a set of images that use streaming technology to transport physical and virtual servers, reducing storage requirements and enabling fast, consistent and reliable application deployment. A buffer overflow vulnerability exists in Citrix...

Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95)

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

SAP HANA Information Disclosure Vulnerability (CNVD-2016-13026)

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. SAP HANA has an information disclosure vulnerability that can be exploited by attackers to obtain...

Microsoft Internet Explorer 9 - IEFRAME CMarkup­Pointer::Move­To­Gap Use-After-Free

!-- Source: http://blog.skylined.nl/20161215001.html Synopsis A specially crafted web-page can trigger a use-after-free vulnerability in Microsoft Internet Explorer 9. The use appears to happen only once almost immediately after the free, which makes practical exploitation unlikely. Known affecte...

CVE-2016-6850

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser...

CVE-2016-6847

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This c...

Design/Logic Flaw

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...

LocalTapiola: Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi)

Basic report information Summary: Hi, The ctx parameter in http://viestinta.lahitapiola.fi/webApp/sankarikoulutus, can be exploited to perform an XSS Attack. Description: When a user clicks on a map area, The following POST request is generated : POST / HTTP/1.1 Host: viestinta.lahitapiola.fi...